In 2017, I (Cal) decided to leave Gradient and join a small start-up company just to the south of Dallas in Waxahachie. Prior to this decision, most of my business life had revolved around external client service in audit or consulting. Thankfully, my external life prepared me well for a new reality within a single business as the Chief Financial Officer from June of 2017 to September 2019. During that time, I was part of completing three external audits of our entity's financial statements. As a consultant, I would recommend or suggest methods to improve oversight, reduce risk, or align processes to strategies. One of the items we’d regularly recommend to our friends in finance and accounting was the use of an internal representation letter to the entire executive or management team ultimately responsible for the success of the entity and the resulting information and transactions used in the financial statements. The standard representation letter required by external audit teams is very broad with a reasonable risk that knowledge of all events in the letter will escape even the most informed executive, Chief Financial Officer, Chief Executive Officer, Chief Accountant, or others that normally sign the final document.
One of the first things I did during the first external audit as the CFO was to take my own advice and issue an internal representation letter to our executive team. It was a fairly simple process, but one that helped me feel more comfortable in signing the actual representation letter. I was also able to execute the process on my own without the other staff or IT. Here are the steps I followed and that I would recommend to you:
· First, I reviewed the actual representation letter with our internal accounting team and legal. If we weren’t comfortable with an item or felt that the wording of an item needed to change, we proposed changes to the audit team. When the changes were reasonable, common ground was able to be reached on most proposed items.
· Second, I took the final draft (unsigned) representation letter and re-wrote it in a form that hit the key items of the letter that I felt should be reviewed and shared by the executive team. During this process, I didn’t pass accounting type items to the team, but focused more on the broad business items or blanket statements in the letter wording. Each internal representation letter will look a little different and should be customized to your organization. Here are a few examples to consider.
o Knowledge of all related party transactions or validation of those items listed in the letter.
o Knowledge of all fraud or suspected fraud.
o Knowledge of any material breaches in internal controls especially around financial reporting, privacy issues, or security.
o Knowledge of any reports, studies, or reviews, whether internal or external, that have not been reported to the accounting team.
o Knowledge of any regulatory or compliance related issues.
o Knowledge of any health and safety issues.
o Knowledge of any litigation or pending litigation or validation of those items listed in the letter.
o Knowledge of any additional subsequent events or validation of those listed in the letter.
o Knowledge of destruction or major changes to significant company assets.
o Knowledge of any new significant contracts or agreements.
o Knowledge of any significant staff turnover that could impact the organization’s financial reporting ability in a material way.
· Third, I sent an email or made a phone call to each of the key executives explaining what I needed and why I needed it. It is important to communicate why their input and feedback is important and the broadness of the representations requested by the typical letter. As the CFO, this was also a good time to explain a few key points and how they relate to effective internal controls within the organization. The letter itself is also a good, short training document in the sense that it provides the executives a short and concise view of some of the key questions that are normally asked by external auditors.
· Finally, I distributed the letter through the DocuSign system. Since it was the start-up, I had the fortunate, or some might say unfortunate, duty of having my hands in many of the shared service functions. With DocuSign, I was able to upload and distribute my document for signature without the support of IT or other professionals with the organization. It made for an efficient and effective process.
In my view, performing the process I outlined above, which doesn’t take a significant amount of time, helped me to feel more comfortable in signing the representation letter as provided by the external audit team. If you are one of the signers of the document, I’d encourage you to perform a similar process as I’ve listed above. The document doesn’t have to be highly formal or technical, but can simply be a short list of bullet points you’d like to get confirmation or more information about from your team.